Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-03-08 | CVE-2021-22134 | Incorrect Authorization vulnerability in multiple products | A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. | network | low | elastic, oracle | CWE-863 | 4.3 |
| 2021-03-08 | CVE-2021-21362 | Incorrect Authorization vulnerability in Minio | MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. | network | low | minio | CWE-863 | 6.5 |
| 2021-03-05 | CVE-2020-29020 | Incorrect Authorization vulnerability in Secomea Sitemanager Firmware | Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. | network | low | secomea | CWE-863 | 6.5 |
| 2021-03-05 | CVE-2021-27099 | Incorrect Authorization vulnerability in Cncf Spire | In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. | network | | cncf | CWE-863 | 4.9 |
| 2021-03-05 | CVE-2021-26964 | Incorrect Authorization vulnerability in Arubanetworks Airwave | A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. | network | low | arubanetworks | CWE-863 | 5.5 |
| 2021-03-05 | CVE-2021-21725 | Incorrect Authorization vulnerability in ZTE Zxhn H196Q Firmware 9.1.0C2 | A ZTE product has an information leak vulnerability. | | low | zte | CWE-863 | 2.7 |
| 2021-03-05 | CVE-2020-28050 | Incorrect Authorization vulnerability in Zohocorp Manageengine Desktop Central | Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. | network | low | zohocorp | CWE-863 | 6.4 |
| 2021-03-04 | CVE-2021-26027 | Incorrect Authorization vulnerability in Joomla Joomla! | An issue was discovered in Joomla! 3.0.0 through 3.9.24. | network | low | joomla | CWE-863 | 5.0 |
| 2021-03-01 | CVE-2021-27225 | Incorrect Authorization vulnerability in Dataiku Data Science Studio | In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access. | network | low | dataiku | CWE-863 | 5.5 |
| 2021-02-26 | CVE-2021-26563 | Incorrect Authorization vulnerability in Synology products | Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | local | low | synology | CWE-863 | 4.6 |